weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
7,151 Commits 45 Branches 0 Tags 96 MiB
00a20097b6
Commit Graph

559 Commits

Author SHA1 Message Date
Nils Mueller
00a20097b6 Add option to load Vault CA bundle from Kubernetes Secret 
Vault distributions like "Bank Vaults" automatically configure
and provision Vault and provide the CA bundle via a Kubernetes
Secret. Having to hard-code the bundle in the Issuer instead
of dynamically referencing it through the Secret requires
a manual second step when using a GitOps workflow.

Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-15 03:10:51 +03:00
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
jetstack-bot
b84ea96d73
Merge pull request #5194 from Compy/master 
Support secrets for Route53 Access Key IDs
 2022-07-05 12:33:21 +01:00
joshvanl
f1d7c43276 Updates wording for aws rout53 dns CRD field comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-04 17:06:40 +01:00
oGi4i
cb2cabb06f
Add private key Ingress annotations to set private key properties for Certificate 
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
 2022-06-28 17:45:08 +03:00
oGi4i
3148b17fa5
Add revision history limit Ingress annotation to set field on the Certificate 
Signed-off-by: oGi4i <das.ogi4i@gmail.com>
 2022-06-21 15:12:09 +03:00
Compy
9c47be0964 Changed SecretAccessKeyID member to pointer as it is optional and tagged omitempty. Added issuer tests for access key ID secret validation. Added issuer API validations for AccessKeyID/SecretAccessKeyID. 
Signed-off-by: Compy <hello@86pixels.com>
 2022-06-17 22:52:17 -05:00
Compy
561103934d Updating and regenerating CRDs to make SecretAccessKeyID field usage more clear 
Signed-off-by: Compy <hello@86pixels.com>
 2022-06-11 10:48:10 -05:00
Compy
153e5420cf Add support for pulling Route53/AWS access key IDs out of secrets 
Signed-off-by: Compy <hello@86pixels.com>
 2022-06-08 16:33:00 -05:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates 
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
 2022-06-08 20:50:00 +02:00
jetstack-bot
86ad9962a3
Merge pull request #4967 from maelvls/gwapi-v1alpha2-optional-labels 
Gateway API: with v1alpha2, the labels have become optional
 2022-03-30 15:11:33 +01:00
Jake Sanders
b72db63761
Change label description for HTTP-01 Gateway API solver and fix tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-30 12:52:34 +01:00
irbekrm
d384aef754 Enforce minimum value of experimental.cert-manager.io/request-duration to 600s 
To ensure compatibility with CSR's spec.expirationSeconds

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-22 18:04:21 +00:00
Maël Valais
4b3af946db gateway-api: with v1alpha2, the labels have become optional 
Previously, in v1alpha1, an HTTPRoute was matched to a Gateway using
the label selectors present on the Gateways. For example, with the
following Gateway:

  apiVersion: networking.x-k8s.io/v1alpha1
  kind: Gateway
  metadata:
    name: acmesolver
  spec:
    listeners:
      - protocol: HTTP
        port: 80
        routes:
          kind: HTTPRoute
          selector:
            matchLabels:
              app: foo

you would have to use the following labels on the HTTPRoute in order to
get the above Gateway to be used:

  apiVersion: networking.x-k8s.io/v1alpha1
  kind: HTTPRoute
  metadata:
    labels:
      app: foo

With v1alpha2, the label selectors have been dropped. Instead, the
HTTPRoute has to give a direct reference to the Gateway:

    apiVersion: gateway.networking.k8s.io/v1alpha2
    kind: HTTPRoute
    spec:
      parentRefs:
        - kind: Gateway
          name: acmesolver
          namespace: traefik

This means that the "labels" field on the gatewayHTTPRoute solver is now
optional:

    apiVersion: cert-manager.io/v1
    kind: Issuer
    spec:
      acme:
        solvers:
          - http01:
              gatewayHTTPRoute:
                labels:              | This field is
                  app: test          | now optional.
                parentRefs:
                  - kind: Gateway
                    name: acmesolver

Signed-off-by: Maël Valais <mael@vls.dev>
 2022-03-21 17:39:10 +01:00
irbekrm
dbad3d98f3 Rename issuanceAttempts -> failedIssuanceAttempts 
In an attempt to convey the meaning of the field better

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
affb5e86ef Adds IssuanceAttempts field to Certificate's status 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
Joakim Ahrlin
f5275cf1cc add enum for rotationPolicy 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-03-03 16:31:23 +01:00
Joakim Ahrlin
eb64e6494c
update deps and BUILD files 
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
 2022-03-01 15:05:18 +00:00
Jake Sanders
c96d91d586
Update the sig-network Gateway API support to v1alpha2 
Co-authored-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 15:05:17 +00:00
jetstack-bot
10c5d72279
Merge pull request #4792 from JoshVanL/controllers-server-side-apply-certificaterequests 
Server Side Apply: Adds support for CertificateRequests controller to use SSA with Feature Gate
 2022-02-16 10:57:37 +00:00
jetstack-bot
12a2148df3
Merge pull request #4794 from JoshVanL/controllers-server-side-apply-issuers 
Server Side Apply: Adds support for [Cluster]Issuer controller to use SSA with Feature Gate
 2022-02-11 19:37:01 +00:00
joshvanl
49108a0278 Adds list map type to Conditions for both Issuers and Cluster Issuers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:26:56 +00:00
joshvanl
26c26c7ce2 Adds list type map to CR Conditions field 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:21:19 +00:00
joshvanl
279a8ede99 Adds listType=map and listMapKey=type to Certificate Status Conditions 
field

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-11 16:14:31 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
joshvanl
35fba365bf Update AdditionalOutputFormats comment to reflect addition of feature to 
webhook set.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 17:04:55 +00:00
jetstack-bot
051a763ee5
Merge pull request #4638 from JoshVanL/controllers-certificates-secret-template 
SecretTemplate reconciliation. SecretManager Apply
 2022-01-18 13:28:57 +00:00
jetstack-bot
e2aede44c7
Merge pull request #4731 from DiptoChakrabarty/lint 
add go linters fixes within codebase
 2022-01-18 12:52:57 +00:00
DiptoChakrabarty
ba9dccb26d fix comments in consts 
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
 2022-01-18 10:04:58 +05:30
joshvanl
5019aaacfc Update SecretTemplate API comments to highlight that annotations are 
appended to base annotations

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:40:13 +00:00
joshvanl
86ae0545d2 Update SecretTemplate API comments with new behaviour. 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
43c72dd490 Update Certificates SecretTemplate API comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
685dd79c0c Makes some minor API naming changes, and clears up some docs around the 
Certifcate's additional output formats.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-14 20:00:26 +00:00
Thierry Sallé
7f8641dd94 [additionalOutputFormats] Update comments and add more tests 
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
Thierry
81f308221b Add certifcate additionalOutputFormats parameter 
DER Format to create key.der binary format of the private key.

CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.

Added Unit and e2e tests for secret with Additional output format.

Feature flag AdditionalCertificateOutputFormats to enable feature.

Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
DiptoChakrabarty
e7c75832af few more fixes 
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
 2022-01-13 19:47:11 +05:30
James Munnelly
ea2d04e2c0 Add webhook-specific 'feature' package and wire it up through config 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:17:38 +00:00
Richard Wall
17a2ec5198 update-bazel.sh 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
Richard Wall
1fc14676f6 Move deprecated type definitions to the internal package 
find pkg/apis/{acme,certmanager} -mindepth 1 -maxdepth 1 -not -name v1  -type d | while read d; do v=$(basename $d); g=$(basename $(dirname $d)); git mv -k $d/*.go internal/apis/$g/$v/; done

find pkg/apis/{acme,certmanager} -mindepth 1 -maxdepth 1 -not -name v1  -type d | while read d; do v=$(basename $d); g=$(basename $(dirname $d)); git rm -rf $d/; done

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
James Munnelly
ce3f3fc1f2 Regenerate files 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
James Munnelly
1a96d9f32d config.cert-manager.io -> webhook.config.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
James Munnelly
9fce2ba5b0 Move files to create config.webhook.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 15:15:44 +00:00
James Munnelly
48a5efea5d Fix copyright headers 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
97863d245f Regenerate files 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
afa8e5a304 Refactoring webhook initialisation to support early config handling 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
fb81666e56 Add config.cert-manager.io API group 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
Igor Zibarev
f9ceb8a73e Fix some lint issues regarding comments 
References issue #4457

Signed-off-by: Igor Zibarev <zibarev.i@gmail.com>
 2021-11-02 13:57:20 +03:00
James Munnelly
b3159537e1 Remove unused codegen tags 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 15:43:50 +01:00
irbekrm
cb6a746726 Runs ./hack/update-all.sh 
New format of Go build tags gets added

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-09-30 10:08:19 +01:00